Certified in Risk and Information Systems Control (CRISC) — Question 448

A large organization needs to report risk at all levels for a new centralized virtualization project to reduce cost and improve performance. Which of the following would MOST effectively represent the overall risk of the project to senior management?

Answer options

• A. Risk heat map
• B. Centralized risk register
• C. Key risk indicators (KRIs)
• D. Aggregated key performance indicators (KPIs)

Correct answer: A

Explanation

A Risk heat map provides a clear visual representation of the risk levels associated with the project, making it easier for senior management to understand overall risk at a glance. The other options, such as a Centralized risk register, may provide detailed information but lack the immediate visual impact needed for quick comprehension by management. Key risk indicators (KRIs) and aggregated key performance indicators (KPIs) are useful metrics but do not encapsulate the overall risk as effectively as a heat map.